grpc 1.55.0 → 1.56.2
- checksums.yaml +4 -4
- data/Makefile +102 -68
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/grpc_security.h +19 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
- data/src/core/ext/filters/client_channel/client_channel.h +6 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +53 -21
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +42 -40
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +176 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +325 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +567 -543
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +150 -9
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +46 -32
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +18 -5
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/transport/chttp2/transport/parsing.cc +12 -12
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/backoff/random_early_detection.h +5 -0
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +33 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +10 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +182 -119
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +8 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +5 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -1
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +1 -1
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/validate_metadata.cc +37 -22
- data/src/core/lib/surface/validate_metadata.h +13 -3
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +5 -2
- data/src/core/tsi/ssl_transport_security.h +13 -1
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +50 -12
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -91,6 +91,8 @@ extern "C" {
|
|
91
91
|
// be the largest fields anyone plausibly uses.
|
92
92
|
#define EC_MAX_BYTES 66
|
93
93
|
#define EC_MAX_WORDS ((EC_MAX_BYTES + BN_BYTES - 1) / BN_BYTES)
|
94
|
+
#define EC_MAX_COMPRESSED (EC_MAX_BYTES + 1)
|
95
|
+
#define EC_MAX_UNCOMPRESSED (2 * EC_MAX_BYTES + 1)
|
94
96
|
|
95
97
|
static_assert(EC_MAX_WORDS <= BN_SMALL_MAX_WORDS,
|
96
98
|
"bn_*_small functions not usable");
|
@@ -119,8 +121,8 @@ OPENSSL_EXPORT void ec_scalar_to_bytes(const EC_GROUP *group, uint8_t *out,
|
|
119
121
|
// ec_scalar_from_bytes deserializes |in| and stores the resulting scalar over
|
120
122
|
// group |group| to |out|. It returns one on success and zero if |in| is
|
121
123
|
// invalid.
|
122
|
-
int ec_scalar_from_bytes(const EC_GROUP *group, EC_SCALAR *out,
|
123
|
-
|
124
|
+
OPENSSL_EXPORT int ec_scalar_from_bytes(const EC_GROUP *group, EC_SCALAR *out,
|
125
|
+
const uint8_t *in, size_t len);
|
124
126
|
|
125
127
|
// ec_scalar_reduce sets |out| to |words|, reduced modulo the group order.
|
126
128
|
// |words| must be less than order^2. |num| must be at most twice the width of
|
@@ -241,16 +243,14 @@ int ec_felem_equal(const EC_GROUP *group, const EC_FELEM *a, const EC_FELEM *b);
|
|
241
243
|
// Points.
|
242
244
|
//
|
243
245
|
// Points may represented in affine coordinates as |EC_AFFINE| or Jacobian
|
244
|
-
// coordinates as |
|
246
|
+
// coordinates as |EC_JACOBIAN|. Affine coordinates directly represent a
|
245
247
|
// point on the curve, but point addition over affine coordinates requires
|
246
248
|
// costly field inversions, so arithmetic is done in Jacobian coordinates.
|
247
249
|
// Converting from affine to Jacobian is cheap, while converting from Jacobian
|
248
250
|
// to affine costs a field inversion. (Jacobian coordinates amortize the field
|
249
251
|
// inversions needed in a sequence of point operations.)
|
250
|
-
//
|
251
|
-
// TODO(davidben): Rename |EC_RAW_POINT| to |EC_JACOBIAN|.
|
252
252
|
|
253
|
-
// An
|
253
|
+
// An EC_JACOBIAN represents an elliptic curve point in Jacobian coordinates.
|
254
254
|
// Unlike |EC_POINT|, it is a plain struct which can be stack-allocated and
|
255
255
|
// needs no cleanup. It is specific to an |EC_GROUP| and must not be mixed
|
256
256
|
// between groups.
|
@@ -258,7 +258,7 @@ typedef struct {
|
|
258
258
|
// X, Y, and Z are Jacobian projective coordinates. They represent
|
259
259
|
// (X/Z^2, Y/Z^3) if Z != 0 and the point at infinity otherwise.
|
260
260
|
EC_FELEM X, Y, Z;
|
261
|
-
}
|
261
|
+
} EC_JACOBIAN;
|
262
262
|
|
263
263
|
// An EC_AFFINE represents an elliptic curve point in affine coordinates.
|
264
264
|
// coordinates. Note the point at infinity cannot be represented in affine
|
@@ -269,7 +269,7 @@ typedef struct {
|
|
269
269
|
|
270
270
|
// ec_affine_to_jacobian converts |p| to Jacobian form and writes the result to
|
271
271
|
// |*out|. This operation is very cheap and only costs a few copies.
|
272
|
-
void ec_affine_to_jacobian(const EC_GROUP *group,
|
272
|
+
void ec_affine_to_jacobian(const EC_GROUP *group, EC_JACOBIAN *out,
|
273
273
|
const EC_AFFINE *p);
|
274
274
|
|
275
275
|
// ec_jacobian_to_affine converts |p| to affine form and writes the result to
|
@@ -279,8 +279,8 @@ void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
279
279
|
//
|
280
280
|
// If only extracting the x-coordinate, use |ec_get_x_coordinate_*| which is
|
281
281
|
// slightly faster.
|
282
|
-
int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
|
283
|
-
|
282
|
+
OPENSSL_EXPORT int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
|
283
|
+
const EC_JACOBIAN *p);
|
284
284
|
|
285
285
|
// ec_jacobian_to_affine_batch converts |num| points in |in| from Jacobian
|
286
286
|
// coordinates to affine coordinates and writes the results to |out|. It returns
|
@@ -289,7 +289,7 @@ int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
|
|
289
289
|
// This function is not implemented for all curves. Add implementations as
|
290
290
|
// needed.
|
291
291
|
int ec_jacobian_to_affine_batch(const EC_GROUP *group, EC_AFFINE *out,
|
292
|
-
const
|
292
|
+
const EC_JACOBIAN *in, size_t num);
|
293
293
|
|
294
294
|
// ec_point_set_affine_coordinates sets |out|'s to a point with affine
|
295
295
|
// coordinates |x| and |y|. It returns one if the point is on the curve and
|
@@ -307,12 +307,12 @@ int ec_point_mul_no_self_test(const EC_GROUP *group, EC_POINT *r,
|
|
307
307
|
|
308
308
|
// ec_point_mul_scalar sets |r| to |p| * |scalar|. Both inputs are considered
|
309
309
|
// secret.
|
310
|
-
int ec_point_mul_scalar(const EC_GROUP *group,
|
311
|
-
const
|
310
|
+
int ec_point_mul_scalar(const EC_GROUP *group, EC_JACOBIAN *r,
|
311
|
+
const EC_JACOBIAN *p, const EC_SCALAR *scalar);
|
312
312
|
|
313
313
|
// ec_point_mul_scalar_base sets |r| to generator * |scalar|. |scalar| is
|
314
314
|
// treated as secret.
|
315
|
-
int ec_point_mul_scalar_base(const EC_GROUP *group,
|
315
|
+
int ec_point_mul_scalar_base(const EC_GROUP *group, EC_JACOBIAN *r,
|
316
316
|
const EC_SCALAR *scalar);
|
317
317
|
|
318
318
|
// ec_point_mul_scalar_batch sets |r| to |p0| * |scalar0| + |p1| * |scalar1| +
|
@@ -333,10 +333,10 @@ int ec_point_mul_scalar_base(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
333
333
|
// none. If generalizing to tuned curves, this may be useful. However, we still
|
334
334
|
// must double up to the least efficient input, so precomputed tables can only
|
335
335
|
// save table setup and allow a wider window size.
|
336
|
-
int ec_point_mul_scalar_batch(const EC_GROUP *group,
|
337
|
-
const
|
338
|
-
const
|
339
|
-
const
|
336
|
+
int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_JACOBIAN *r,
|
337
|
+
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
|
338
|
+
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
|
339
|
+
const EC_JACOBIAN *p2, const EC_SCALAR *scalar2);
|
340
340
|
|
341
341
|
#define EC_MONT_PRECOMP_COMB_SIZE 5
|
342
342
|
|
@@ -355,7 +355,7 @@ typedef union {
|
|
355
355
|
// This function is not implemented for all curves. Add implementations as
|
356
356
|
// needed.
|
357
357
|
int ec_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
|
358
|
-
const
|
358
|
+
const EC_JACOBIAN *p);
|
359
359
|
|
360
360
|
// ec_point_mul_scalar_precomp sets |r| to |p0| * |scalar0| + |p1| * |scalar1| +
|
361
361
|
// |p2| * |scalar2|. |p1| or |p2| may be NULL to skip the corresponding term.
|
@@ -379,7 +379,7 @@ int ec_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
|
|
379
379
|
// none. If generalizing to tuned curves, we should add a parameter for the base
|
380
380
|
// point and arrange for the generic implementation to have base point tables
|
381
381
|
// available.
|
382
|
-
int ec_point_mul_scalar_precomp(const EC_GROUP *group,
|
382
|
+
int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_JACOBIAN *r,
|
383
383
|
const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
|
384
384
|
const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
|
385
385
|
const EC_PRECOMP *p2, const EC_SCALAR *scalar2);
|
@@ -388,9 +388,9 @@ int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
388
388
|
// generator * |g_scalar| + |p| * |p_scalar|. It assumes that the inputs are
|
389
389
|
// public so there is no concern about leaking their values through timing.
|
390
390
|
OPENSSL_EXPORT int ec_point_mul_scalar_public(const EC_GROUP *group,
|
391
|
-
|
391
|
+
EC_JACOBIAN *r,
|
392
392
|
const EC_SCALAR *g_scalar,
|
393
|
-
const
|
393
|
+
const EC_JACOBIAN *p,
|
394
394
|
const EC_SCALAR *p_scalar);
|
395
395
|
|
396
396
|
// ec_point_mul_scalar_public_batch sets |r| to the sum of generator *
|
@@ -401,15 +401,15 @@ OPENSSL_EXPORT int ec_point_mul_scalar_public(const EC_GROUP *group,
|
|
401
401
|
//
|
402
402
|
// This function is not implemented for all curves. Add implementations as
|
403
403
|
// needed.
|
404
|
-
int ec_point_mul_scalar_public_batch(const EC_GROUP *group,
|
404
|
+
int ec_point_mul_scalar_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
|
405
405
|
const EC_SCALAR *g_scalar,
|
406
|
-
const
|
406
|
+
const EC_JACOBIAN *points,
|
407
407
|
const EC_SCALAR *scalars, size_t num);
|
408
408
|
|
409
409
|
// ec_point_select, in constant time, sets |out| to |a| if |mask| is all ones
|
410
410
|
// and |b| if |mask| is all zeros.
|
411
|
-
void ec_point_select(const EC_GROUP *group,
|
412
|
-
const
|
411
|
+
void ec_point_select(const EC_GROUP *group, EC_JACOBIAN *out, BN_ULONG mask,
|
412
|
+
const EC_JACOBIAN *a, const EC_JACOBIAN *b);
|
413
413
|
|
414
414
|
// ec_affine_select behaves like |ec_point_select| but acts on affine points.
|
415
415
|
void ec_affine_select(const EC_GROUP *group, EC_AFFINE *out, BN_ULONG mask,
|
@@ -422,14 +422,14 @@ void ec_precomp_select(const EC_GROUP *group, EC_PRECOMP *out, BN_ULONG mask,
|
|
422
422
|
// ec_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
|
423
423
|
// order, with |r|. It returns one if the values match and zero if |p| is the
|
424
424
|
// point at infinity of the values do not match.
|
425
|
-
int ec_cmp_x_coordinate(const EC_GROUP *group, const
|
425
|
+
int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
|
426
426
|
const EC_SCALAR *r);
|
427
427
|
|
428
428
|
// ec_get_x_coordinate_as_scalar sets |*out| to |p|'s x-coordinate, modulo
|
429
429
|
// |group->order|. It returns one on success and zero if |p| is the point at
|
430
430
|
// infinity.
|
431
431
|
int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
|
432
|
-
const
|
432
|
+
const EC_JACOBIAN *p);
|
433
433
|
|
434
434
|
// ec_get_x_coordinate_as_bytes writes |p|'s affine x-coordinate to |out|, which
|
435
435
|
// must have at must |max_out| bytes. It sets |*out_len| to the number of bytes
|
@@ -437,7 +437,7 @@ int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
|
|
437
437
|
// field. This function returns one on success and zero on failure.
|
438
438
|
int ec_get_x_coordinate_as_bytes(const EC_GROUP *group, uint8_t *out,
|
439
439
|
size_t *out_len, size_t max_out,
|
440
|
-
const
|
440
|
+
const EC_JACOBIAN *p);
|
441
441
|
|
442
442
|
// ec_point_byte_len returns the number of bytes in the byte representation of
|
443
443
|
// a non-infinity point in |group|, encoded according to |form|, or zero if
|
@@ -461,12 +461,12 @@ int ec_point_from_uncompressed(const EC_GROUP *group, EC_AFFINE *out,
|
|
461
461
|
// ec_set_to_safe_point sets |out| to an arbitrary point on |group|, either the
|
462
462
|
// generator or the point at infinity. This is used to guard against callers of
|
463
463
|
// external APIs not checking the return value.
|
464
|
-
void ec_set_to_safe_point(const EC_GROUP *group,
|
464
|
+
void ec_set_to_safe_point(const EC_GROUP *group, EC_JACOBIAN *out);
|
465
465
|
|
466
466
|
// ec_affine_jacobian_equal returns one if |a| and |b| represent the same point
|
467
467
|
// and zero otherwise. It treats both inputs as secret.
|
468
468
|
int ec_affine_jacobian_equal(const EC_GROUP *group, const EC_AFFINE *a,
|
469
|
-
const
|
469
|
+
const EC_JACOBIAN *b);
|
470
470
|
|
471
471
|
|
472
472
|
// Implementation details.
|
@@ -480,48 +480,48 @@ struct ec_method_st {
|
|
480
480
|
// point_get_affine_coordinates sets |*x| and |*y| to the affine coordinates
|
481
481
|
// of |p|. Either |x| or |y| may be NULL to omit it. It returns one on success
|
482
482
|
// and zero if |p| is the point at infinity.
|
483
|
-
int (*point_get_affine_coordinates)(const EC_GROUP *, const
|
483
|
+
int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_JACOBIAN *p,
|
484
484
|
EC_FELEM *x, EC_FELEM *y);
|
485
485
|
|
486
486
|
// jacobian_to_affine_batch implements |ec_jacobian_to_affine_batch|.
|
487
487
|
int (*jacobian_to_affine_batch)(const EC_GROUP *group, EC_AFFINE *out,
|
488
|
-
const
|
488
|
+
const EC_JACOBIAN *in, size_t num);
|
489
489
|
|
490
490
|
// add sets |r| to |a| + |b|.
|
491
|
-
void (*add)(const EC_GROUP *group,
|
492
|
-
const
|
491
|
+
void (*add)(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *a,
|
492
|
+
const EC_JACOBIAN *b);
|
493
493
|
// dbl sets |r| to |a| + |a|.
|
494
|
-
void (*dbl)(const EC_GROUP *group,
|
494
|
+
void (*dbl)(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *a);
|
495
495
|
|
496
496
|
// mul sets |r| to |scalar|*|p|.
|
497
|
-
void (*mul)(const EC_GROUP *group,
|
497
|
+
void (*mul)(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *p,
|
498
498
|
const EC_SCALAR *scalar);
|
499
499
|
// mul_base sets |r| to |scalar|*generator.
|
500
|
-
void (*mul_base)(const EC_GROUP *group,
|
500
|
+
void (*mul_base)(const EC_GROUP *group, EC_JACOBIAN *r,
|
501
501
|
const EC_SCALAR *scalar);
|
502
502
|
// mul_batch implements |ec_mul_scalar_batch|.
|
503
|
-
void (*mul_batch)(const EC_GROUP *group,
|
504
|
-
const
|
505
|
-
const
|
506
|
-
const
|
503
|
+
void (*mul_batch)(const EC_GROUP *group, EC_JACOBIAN *r,
|
504
|
+
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
|
505
|
+
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
|
506
|
+
const EC_JACOBIAN *p2, const EC_SCALAR *scalar2);
|
507
507
|
// mul_public sets |r| to |g_scalar|*generator + |p_scalar|*|p|. It assumes
|
508
508
|
// that the inputs are public so there is no concern about leaking their
|
509
509
|
// values through timing.
|
510
510
|
//
|
511
511
|
// This function may be omitted if |mul_public_batch| is provided.
|
512
|
-
void (*mul_public)(const EC_GROUP *group,
|
513
|
-
const EC_SCALAR *g_scalar, const
|
512
|
+
void (*mul_public)(const EC_GROUP *group, EC_JACOBIAN *r,
|
513
|
+
const EC_SCALAR *g_scalar, const EC_JACOBIAN *p,
|
514
514
|
const EC_SCALAR *p_scalar);
|
515
515
|
// mul_public_batch implements |ec_point_mul_scalar_public_batch|.
|
516
|
-
int (*mul_public_batch)(const EC_GROUP *group,
|
517
|
-
const EC_SCALAR *g_scalar, const
|
516
|
+
int (*mul_public_batch)(const EC_GROUP *group, EC_JACOBIAN *r,
|
517
|
+
const EC_SCALAR *g_scalar, const EC_JACOBIAN *points,
|
518
518
|
const EC_SCALAR *scalars, size_t num);
|
519
519
|
|
520
520
|
// init_precomp implements |ec_init_precomp|.
|
521
521
|
int (*init_precomp)(const EC_GROUP *group, EC_PRECOMP *out,
|
522
|
-
const
|
522
|
+
const EC_JACOBIAN *p);
|
523
523
|
// mul_precomp implements |ec_point_mul_scalar_precomp|.
|
524
|
-
void (*mul_precomp)(const EC_GROUP *group,
|
524
|
+
void (*mul_precomp)(const EC_GROUP *group, EC_JACOBIAN *r,
|
525
525
|
const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
|
526
526
|
const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
|
527
527
|
const EC_PRECOMP *p2, const EC_SCALAR *scalar2);
|
@@ -581,7 +581,7 @@ struct ec_method_st {
|
|
581
581
|
// cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
|
582
582
|
// order, with |r|. It returns one if the values match and zero if |p| is the
|
583
583
|
// point at infinity of the values do not match.
|
584
|
-
int (*cmp_x_coordinate)(const EC_GROUP *group, const
|
584
|
+
int (*cmp_x_coordinate)(const EC_GROUP *group, const EC_JACOBIAN *p,
|
585
585
|
const EC_SCALAR *r);
|
586
586
|
} /* EC_METHOD */;
|
587
587
|
|
@@ -635,24 +635,24 @@ struct ec_point_st {
|
|
635
635
|
EC_GROUP *group;
|
636
636
|
// raw is the group-specific point data. Functions that take |EC_POINT|
|
637
637
|
// typically check consistency with |EC_GROUP| while functions that take
|
638
|
-
// |
|
638
|
+
// |EC_JACOBIAN| do not. Thus accesses to this field should be externally
|
639
639
|
// checked for consistency.
|
640
|
-
|
640
|
+
EC_JACOBIAN raw;
|
641
641
|
} /* EC_POINT */;
|
642
642
|
|
643
643
|
EC_GROUP *ec_group_new(const EC_METHOD *meth);
|
644
644
|
|
645
|
-
void ec_GFp_mont_mul(const EC_GROUP *group,
|
646
|
-
const
|
647
|
-
void ec_GFp_mont_mul_base(const EC_GROUP *group,
|
645
|
+
void ec_GFp_mont_mul(const EC_GROUP *group, EC_JACOBIAN *r,
|
646
|
+
const EC_JACOBIAN *p, const EC_SCALAR *scalar);
|
647
|
+
void ec_GFp_mont_mul_base(const EC_GROUP *group, EC_JACOBIAN *r,
|
648
648
|
const EC_SCALAR *scalar);
|
649
|
-
void ec_GFp_mont_mul_batch(const EC_GROUP *group,
|
650
|
-
const
|
651
|
-
const
|
652
|
-
const
|
649
|
+
void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_JACOBIAN *r,
|
650
|
+
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
|
651
|
+
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
|
652
|
+
const EC_JACOBIAN *p2, const EC_SCALAR *scalar2);
|
653
653
|
int ec_GFp_mont_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
|
654
|
-
const
|
655
|
-
void ec_GFp_mont_mul_precomp(const EC_GROUP *group,
|
654
|
+
const EC_JACOBIAN *p);
|
655
|
+
void ec_GFp_mont_mul_precomp(const EC_GROUP *group, EC_JACOBIAN *r,
|
656
656
|
const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
|
657
657
|
const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
|
658
658
|
const EC_PRECOMP *p2, const EC_SCALAR *scalar2);
|
@@ -673,9 +673,9 @@ void ec_GFp_mont_felem_exp(const EC_GROUP *group, EC_FELEM *out,
|
|
673
673
|
void ec_compute_wNAF(const EC_GROUP *group, int8_t *out,
|
674
674
|
const EC_SCALAR *scalar, size_t bits, int w);
|
675
675
|
|
676
|
-
int ec_GFp_mont_mul_public_batch(const EC_GROUP *group,
|
676
|
+
int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
|
677
677
|
const EC_SCALAR *g_scalar,
|
678
|
-
const
|
678
|
+
const EC_JACOBIAN *points,
|
679
679
|
const EC_SCALAR *scalars, size_t num);
|
680
680
|
|
681
681
|
// method functions in simple.c
|
@@ -685,17 +685,17 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
|
|
685
685
|
const BIGNUM *b, BN_CTX *);
|
686
686
|
int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
|
687
687
|
BIGNUM *b);
|
688
|
-
void ec_GFp_simple_point_init(
|
689
|
-
void ec_GFp_simple_point_copy(
|
690
|
-
void ec_GFp_simple_point_set_to_infinity(const EC_GROUP *,
|
691
|
-
void ec_GFp_mont_add(const EC_GROUP *,
|
692
|
-
const
|
693
|
-
void ec_GFp_mont_dbl(const EC_GROUP *,
|
694
|
-
void ec_GFp_simple_invert(const EC_GROUP *,
|
695
|
-
int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const
|
696
|
-
int ec_GFp_simple_is_on_curve(const EC_GROUP *, const
|
697
|
-
int ec_GFp_simple_points_equal(const EC_GROUP *, const
|
698
|
-
const
|
688
|
+
void ec_GFp_simple_point_init(EC_JACOBIAN *);
|
689
|
+
void ec_GFp_simple_point_copy(EC_JACOBIAN *, const EC_JACOBIAN *);
|
690
|
+
void ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_JACOBIAN *);
|
691
|
+
void ec_GFp_mont_add(const EC_GROUP *, EC_JACOBIAN *r, const EC_JACOBIAN *a,
|
692
|
+
const EC_JACOBIAN *b);
|
693
|
+
void ec_GFp_mont_dbl(const EC_GROUP *, EC_JACOBIAN *r, const EC_JACOBIAN *a);
|
694
|
+
void ec_GFp_simple_invert(const EC_GROUP *, EC_JACOBIAN *);
|
695
|
+
int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_JACOBIAN *);
|
696
|
+
int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_JACOBIAN *);
|
697
|
+
int ec_GFp_simple_points_equal(const EC_GROUP *, const EC_JACOBIAN *a,
|
698
|
+
const EC_JACOBIAN *b);
|
699
699
|
void ec_simple_scalar_inv0_montgomery(const EC_GROUP *group, EC_SCALAR *r,
|
700
700
|
const EC_SCALAR *a);
|
701
701
|
|
@@ -703,7 +703,7 @@ int ec_simple_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
|
|
703
703
|
EC_SCALAR *r,
|
704
704
|
const EC_SCALAR *a);
|
705
705
|
|
706
|
-
int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const
|
706
|
+
int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
|
707
707
|
const EC_SCALAR *r);
|
708
708
|
|
709
709
|
void ec_GFp_simple_felem_to_bytes(const EC_GROUP *group, uint8_t *out,
|
@@ -320,8 +320,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
|
|
320
320
|
}
|
321
321
|
|
322
322
|
if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
|
323
|
-
|
324
|
-
|
323
|
+
uint32_t err = ERR_peek_last_error();
|
325
324
|
if (ERR_GET_LIB(err) == ERR_LIB_BN &&
|
326
325
|
ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
|
327
326
|
ERR_clear_error();
|
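Review bot: `ERR_clear_error()` in the `BN_R_NOT_A_SQUARE` branch empties the whole error queue, not just the entry that `ERR_peek_last_error()` inspected, and nothing in the hunk says this is intended. Because this path decodes a compressed point that may come from an untrusted peer, a one-line comment above the peek would help, for example `// Not a square: x has no matching y on the curve, so this is bad input, not an internal BN failure.`. What is reported after the clear lies outside the hunk, so the wording should be checked against the rest of `EC_POINT_set_compressed_coordinates_GFp`.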
@@ -860,7 +860,7 @@ static crypto_word_t p224_get_bit(const EC_SCALAR *in, size_t i) {
|
|
860
860
|
// Takes the Jacobian coordinates (X, Y, Z) of a point and returns
|
861
861
|
// (X', Y') = (X/Z^2, Y/Z^3)
|
862
862
|
static int ec_GFp_nistp224_point_get_affine_coordinates(
|
863
|
-
const EC_GROUP *group, const
|
863
|
+
const EC_GROUP *group, const EC_JACOBIAN *point, EC_FELEM *x,
|
864
864
|
EC_FELEM *y) {
|
865
865
|
if (ec_GFp_simple_is_at_infinity(group, point)) {
|
866
866
|
OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
|
@@ -895,8 +895,8 @@ static int ec_GFp_nistp224_point_get_affine_coordinates(
|
|
895
895
|
return 1;
|
896
896
|
}
|
897
897
|
|
898
|
-
static void ec_GFp_nistp224_add(const EC_GROUP *group,
|
899
|
-
const
|
898
|
+
static void ec_GFp_nistp224_add(const EC_GROUP *group, EC_JACOBIAN *r,
|
899
|
+
const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
|
900
900
|
p224_felem x1, y1, z1, x2, y2, z2;
|
901
901
|
p224_generic_to_felem(x1, &a->X);
|
902
902
|
p224_generic_to_felem(y1, &a->Y);
|
@@ -911,8 +911,8 @@ static void ec_GFp_nistp224_add(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
911
911
|
p224_felem_to_generic(&r->Z, z1);
|
912
912
|
}
|
913
913
|
|
914
|
-
static void ec_GFp_nistp224_dbl(const EC_GROUP *group,
|
915
|
-
const
|
914
|
+
static void ec_GFp_nistp224_dbl(const EC_GROUP *group, EC_JACOBIAN *r,
|
915
|
+
const EC_JACOBIAN *a) {
|
916
916
|
p224_felem x, y, z;
|
917
917
|
p224_generic_to_felem(x, &a->X);
|
918
918
|
p224_generic_to_felem(y, &a->Y);
|
@@ -925,7 +925,7 @@ static void ec_GFp_nistp224_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
925
925
|
}
|
926
926
|
|
927
927
|
static void ec_GFp_nistp224_make_precomp(p224_felem out[17][3],
|
928
|
-
const
|
928
|
+
const EC_JACOBIAN *p) {
|
929
929
|
OPENSSL_memset(out[0], 0, sizeof(p224_felem) * 3);
|
930
930
|
|
931
931
|
p224_generic_to_felem(out[1][0], &p->X);
|
@@ -943,8 +943,8 @@ static void ec_GFp_nistp224_make_precomp(p224_felem out[17][3],
|
|
943
943
|
}
|
944
944
|
}
|
945
945
|
|
946
|
-
static void ec_GFp_nistp224_point_mul(const EC_GROUP *group,
|
947
|
-
const
|
946
|
+
static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_JACOBIAN *r,
|
947
|
+
const EC_JACOBIAN *p,
|
948
948
|
const EC_SCALAR *scalar) {
|
949
949
|
p224_felem p_pre_comp[17][3];
|
950
950
|
ec_GFp_nistp224_make_precomp(p_pre_comp, p);
|
@@ -992,7 +992,7 @@ static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
992
992
|
}
|
993
993
|
|
994
994
|
static void ec_GFp_nistp224_point_mul_base(const EC_GROUP *group,
|
995
|
-
|
995
|
+
EC_JACOBIAN *r,
|
996
996
|
const EC_SCALAR *scalar) {
|
997
997
|
// Set nq to the point at infinity.
|
998
998
|
p224_felem nq[3], tmp[3];
|
@@ -1039,9 +1039,9 @@ static void ec_GFp_nistp224_point_mul_base(const EC_GROUP *group,
|
|
1039
1039
|
}
|
1040
1040
|
|
1041
1041
|
static void ec_GFp_nistp224_point_mul_public(const EC_GROUP *group,
|
1042
|
-
|
1042
|
+
EC_JACOBIAN *r,
|
1043
1043
|
const EC_SCALAR *g_scalar,
|
1044
|
-
const
|
1044
|
+
const EC_JACOBIAN *p,
|
1045
1045
|
const EC_SCALAR *p_scalar) {
|
1046
1046
|
// TODO(davidben): If P-224 ECDSA verify performance ever matters, using
|
1047
1047
|
// |ec_compute_wNAF| for |p_scalar| would likely be an easy improvement.
|
@@ -187,7 +187,7 @@ static void ecp_nistz256_mod_inverse_sqr_mont(BN_ULONG r[P256_LIMBS],
|
|
187
187
|
|
188
188
|
// r = p * p_scalar
|
189
189
|
static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
|
190
|
-
const
|
190
|
+
const EC_JACOBIAN *p,
|
191
191
|
const EC_SCALAR *p_scalar) {
|
192
192
|
assert(p != NULL);
|
193
193
|
assert(p_scalar != NULL);
|
@@ -299,8 +299,8 @@ static crypto_word_t calc_wvalue(size_t *index, const uint8_t p_str[33]) {
|
|
299
299
|
return booth_recode_w7(wvalue);
|
300
300
|
}
|
301
301
|
|
302
|
-
static void ecp_nistz256_point_mul(const EC_GROUP *group,
|
303
|
-
const
|
302
|
+
static void ecp_nistz256_point_mul(const EC_GROUP *group, EC_JACOBIAN *r,
|
303
|
+
const EC_JACOBIAN *p,
|
304
304
|
const EC_SCALAR *scalar) {
|
305
305
|
alignas(32) P256_POINT out;
|
306
306
|
ecp_nistz256_windowed_mul(group, &out, p, scalar);
|
@@ -311,7 +311,7 @@ static void ecp_nistz256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
311
311
|
OPENSSL_memcpy(r->Z.words, out.Z, P256_LIMBS * sizeof(BN_ULONG));
|
312
312
|
}
|
313
313
|
|
314
|
-
static void ecp_nistz256_point_mul_base(const EC_GROUP *group,
|
314
|
+
static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_JACOBIAN *r,
|
315
315
|
const EC_SCALAR *scalar) {
|
316
316
|
uint8_t p_str[33];
|
317
317
|
OPENSSL_memcpy(p_str, scalar->words, 32);
|
@@ -356,9 +356,9 @@ static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
356
356
|
}
|
357
357
|
|
358
358
|
static void ecp_nistz256_points_mul_public(const EC_GROUP *group,
|
359
|
-
|
359
|
+
EC_JACOBIAN *r,
|
360
360
|
const EC_SCALAR *g_scalar,
|
361
|
-
const
|
361
|
+
const EC_JACOBIAN *p_,
|
362
362
|
const EC_SCALAR *p_scalar) {
|
363
363
|
assert(p_ != NULL && p_scalar != NULL && g_scalar != NULL);
|
364
364
|
|
@@ -420,7 +420,7 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group,
|
|
420
420
|
}
|
421
421
|
|
422
422
|
static int ecp_nistz256_get_affine(const EC_GROUP *group,
|
423
|
-
const
|
423
|
+
const EC_JACOBIAN *point, EC_FELEM *x,
|
424
424
|
EC_FELEM *y) {
|
425
425
|
if (ec_GFp_simple_is_at_infinity(group, point)) {
|
426
426
|
OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
|
@@ -444,8 +444,8 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group,
|
|
444
444
|
return 1;
|
445
445
|
}
|
446
446
|
|
447
|
-
static void ecp_nistz256_add(const EC_GROUP *group,
|
448
|
-
const
|
447
|
+
static void ecp_nistz256_add(const EC_GROUP *group, EC_JACOBIAN *r,
|
448
|
+
const EC_JACOBIAN *a_, const EC_JACOBIAN *b_) {
|
449
449
|
P256_POINT a, b;
|
450
450
|
OPENSSL_memcpy(a.X, a_->X.words, P256_LIMBS * sizeof(BN_ULONG));
|
451
451
|
OPENSSL_memcpy(a.Y, a_->Y.words, P256_LIMBS * sizeof(BN_ULONG));
|
@@ -459,8 +459,8 @@ static void ecp_nistz256_add(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
459
459
|
OPENSSL_memcpy(r->Z.words, a.Z, P256_LIMBS * sizeof(BN_ULONG));
|
460
460
|
}
|
461
461
|
|
462
|
-
static void ecp_nistz256_dbl(const EC_GROUP *group,
|
463
|
-
const
|
462
|
+
static void ecp_nistz256_dbl(const EC_GROUP *group, EC_JACOBIAN *r,
|
463
|
+
const EC_JACOBIAN *a_) {
|
464
464
|
P256_POINT a;
|
465
465
|
OPENSSL_memcpy(a.X, a_->X.words, P256_LIMBS * sizeof(BN_ULONG));
|
466
466
|
OPENSSL_memcpy(a.Y, a_->Y.words, P256_LIMBS * sizeof(BN_ULONG));
|
@@ -573,7 +573,7 @@ static int ecp_nistz256_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
|
|
573
573
|
}
|
574
574
|
|
575
575
|
static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
|
576
|
-
const
|
576
|
+
const EC_JACOBIAN *p,
|
577
577
|
const EC_SCALAR *r) {
|
578
578
|
if (ec_GFp_simple_is_at_infinity(group, p)) {
|
579
579
|
return 0;
|
@@ -31,8 +31,9 @@
|
|
31
31
|
#include "./internal.h"
|
32
32
|
|
33
33
|
#if defined(BORINGSSL_HAS_UINT128)
|
34
|
-
#define BORINGSSL_NISTP256_64BIT 1
|
35
34
|
#include "../../../third_party/fiat/p256_64.h"
|
35
|
+
#elif defined(OPENSSL_64_BIT)
|
36
|
+
#include "../../../third_party/fiat/p256_64_msvc.h"
|
36
37
|
#else
|
37
38
|
#include "../../../third_party/fiat/p256_32.h"
|
38
39
|
#endif
|
@@ -40,7 +41,7 @@
|
|
40
41
|
|
41
42
|
// utility functions, handwritten
|
42
43
|
|
43
|
-
#if defined(
|
44
|
+
#if defined(OPENSSL_64_BIT)
|
44
45
|
#define FIAT_P256_NLIMBS 4
|
45
46
|
typedef uint64_t fiat_p256_limb_t;
|
46
47
|
typedef uint64_t fiat_p256_felem[FIAT_P256_NLIMBS];
|
@@ -413,7 +414,7 @@ static crypto_word_t fiat_p256_get_bit(const EC_SCALAR *in, int i) {
|
|
413
414
|
// Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
|
414
415
|
// (X/Z^2, Y/Z^3).
|
415
416
|
static int ec_GFp_nistp256_point_get_affine_coordinates(
|
416
|
-
const EC_GROUP *group, const
|
417
|
+
const EC_GROUP *group, const EC_JACOBIAN *point, EC_FELEM *x_out,
|
417
418
|
EC_FELEM *y_out) {
|
418
419
|
if (ec_GFp_simple_is_at_infinity(group, point)) {
|
419
420
|
OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
|
@@ -443,8 +444,8 @@ static int ec_GFp_nistp256_point_get_affine_coordinates(
|
|
443
444
|
return 1;
|
444
445
|
}
|
445
446
|
|
446
|
-
static void ec_GFp_nistp256_add(const EC_GROUP *group,
|
447
|
-
const
|
447
|
+
static void ec_GFp_nistp256_add(const EC_GROUP *group, EC_JACOBIAN *r,
|
448
|
+
const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
|
448
449
|
fiat_p256_felem x1, y1, z1, x2, y2, z2;
|
449
450
|
fiat_p256_from_generic(x1, &a->X);
|
450
451
|
fiat_p256_from_generic(y1, &a->Y);
|
@@ -459,8 +460,8 @@ static void ec_GFp_nistp256_add(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
459
460
|
fiat_p256_to_generic(&r->Z, z1);
|
460
461
|
}
|
461
462
|
|
462
|
-
static void ec_GFp_nistp256_dbl(const EC_GROUP *group,
|
463
|
-
const
|
463
|
+
static void ec_GFp_nistp256_dbl(const EC_GROUP *group, EC_JACOBIAN *r,
|
464
|
+
const EC_JACOBIAN *a) {
|
464
465
|
fiat_p256_felem x, y, z;
|
465
466
|
fiat_p256_from_generic(x, &a->X);
|
466
467
|
fiat_p256_from_generic(y, &a->Y);
|
@@ -471,8 +472,8 @@ static void ec_GFp_nistp256_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
471
472
|
fiat_p256_to_generic(&r->Z, z);
|
472
473
|
}
|
473
474
|
|
474
|
-
static void ec_GFp_nistp256_point_mul(const EC_GROUP *group,
|
475
|
-
const
|
475
|
+
static void ec_GFp_nistp256_point_mul(const EC_GROUP *group, EC_JACOBIAN *r,
|
476
|
+
const EC_JACOBIAN *p,
|
476
477
|
const EC_SCALAR *scalar) {
|
477
478
|
fiat_p256_felem p_pre_comp[17][3];
|
478
479
|
OPENSSL_memset(&p_pre_comp, 0, sizeof(p_pre_comp));
|
@@ -539,7 +540,7 @@ static void ec_GFp_nistp256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
|
|
539
540
|
}
|
540
541
|
|
541
542
|
static void ec_GFp_nistp256_point_mul_base(const EC_GROUP *group,
|
542
|
-
|
543
|
+
EC_JACOBIAN *r,
|
543
544
|
const EC_SCALAR *scalar) {
|
544
545
|
// Set nq to the point at infinity.
|
545
546
|
fiat_p256_felem nq[3] = {{0}, {0}, {0}}, tmp[3];
|
@@ -587,9 +588,9 @@ static void ec_GFp_nistp256_point_mul_base(const EC_GROUP *group,
|
|
587
588
|
}
|
588
589
|
|
589
590
|
static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group,
|
590
|
-
|
591
|
+
EC_JACOBIAN *r,
|
591
592
|
const EC_SCALAR *g_scalar,
|
592
|
-
const
|
593
|
+
const EC_JACOBIAN *p,
|
593
594
|
const EC_SCALAR *p_scalar) {
|
594
595
|
#define P256_WSIZE_PUBLIC 4
|
595
596
|
// Precompute multiples of |p|. p_pre_comp[i] is (2*i+1) * |p|.
|
@@ -679,7 +680,7 @@ static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group,
|
|
679
680
|
}
|
680
681
|
|
681
682
|
static int ec_GFp_nistp256_cmp_x_coordinate(const EC_GROUP *group,
|
682
|
-
const
|
683
|
+
const EC_JACOBIAN *p,
|
683
684
|
const EC_SCALAR *r) {
|
684
685
|
if (ec_GFp_simple_is_at_infinity(group, p)) {
|
685
686
|
return 0;
|
@@ -748,5 +749,3 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp256_method) {
|
|
748
749
|
ec_simple_scalar_to_montgomery_inv_vartime;
|
749
750
|
out->cmp_x_coordinate = ec_GFp_nistp256_cmp_x_coordinate;
|
750
751
|
}
|
751
|
-
|
752
|
-
#undef BORINGSSL_NISTP256_64BIT
|
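Review bot: The include selection at the top of the file and the limb-width block below it now test different macros: the fiat header is chosen by `BORINGSSL_HAS_UINT128` first and `OPENSSL_64_BIT` second, while `FIAT_P256_NLIMBS` and `fiat_p256_limb_t` are keyed on `OPENSSL_64_BIT` alone. That holds only if `BORINGSSL_HAS_UINT128` is never defined on a target without `OPENSSL_64_BIT`, which these hunks do not show; if it ever were, `p256_64.h` would be paired with whatever limb typedefs the other branch declares (presumably the 32-bit ones). A comment at the first `#if` stating the invariant, or a guard such as `#if defined(BORINGSSL_HAS_UINT128) && !defined(OPENSSL_64_BIT)` followed by `#error`, would make a mismatch fail at build time rather than in field arithmetic. The `p256_64_msvc.h` branch is also taken by any 64-bit compiler lacking 128-bit integers, not only MSVC, so the comment should say that as well. The same `OPENSSL_64_BIT` test guards the precomputed table in the hunk that follows.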
@@ -50,7 +50,7 @@
|
|
50
50
|
// Tables for other points have table[i] = iG for i in 0 .. 16.
|
51
51
|
|
52
52
|
// fiat_p256_g_pre_comp is the table of precomputed base points
|
53
|
-
#if defined(
|
53
|
+
#if defined(OPENSSL_64_BIT)
|
54
54
|
static const fiat_p256_felem fiat_p256_g_pre_comp[2][15][2] = {
|
55
55
|
{{{0x79e730d418a9143c, 0x75ba95fc5fedb601, 0x79fb732b77622510,
|
56
56
|
0x18905f76a53755c6},
|